Note: This panel is being deprecated. To manage Event Sources, see About Event Source Management in the RSA Security Analytics Event Source Management Guide.

Security Analytics lets you monitor statistics for event sources in the user interface. The information displayed is historical and comes from the Log Decoder. You can customize the view by selecting parameters to filter the data.

Filters

This table lists the various parameters you can use to filter and customize the event source monitoring view.

| Parameter | Description |
|---|---|
| Event Source | Type the name of the event source you want to monitor. Select Regex to enable the regex filter, which performs a regular expression search against the text and lists the specified category. If Regex is not selected, the filter supports globbing pattern matching. |
| Event Source Type | Select an event source type for the event source selected. |
| Log Collector | Select the Log Collector to display the data collected by the specified Log Collector. |
| Log Decoder | Select a Log Decoder to display the data collected by the specified Log Decoder. |
| Time Frame | Select the time frame for which you want the stats. Select Received if you need the query results to contain only event sources from which logs have been received within the selected time, or select Not Received if you need the query results to contain only event sources from which logs have not been received within the selected time. |
| Order By | Select the order in which the list is sorted. Select Ascending to sort it in ascending order. |

From 10.6.3 onwards, the relevant parameters can be sorted in ascending or descending order.
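The difference between the two Event Source matching modes, shown as an added example that is not RSA code. Python's `fnmatch` and `re` stand in for the product's globbing and regular expression matching (an assumption; the product's exact syntax and anchoring may differ), and the event source names are constructed.

```python
import fnmatch
import re

# Constructed sample event source names (not from any real deployment).
SOURCES = ["fw-edge-01", "fw-core-02", "dmz-fw-01",
           "10.1.1.1", "10.1.1.10", "10.101.1.1"]


def filter_sources(names, pattern, regex=False):
    """Return the names selected by pattern.

    regex=False: glob semantics, the whole name must match (fnmatch stand-in).
    regex=True:  regular expression search, a match anywhere in the name counts.
    """
    if regex:
        compiled = re.compile(pattern)
        return [n for n in names if compiled.search(n)]
    return [n for n in names if fnmatch.fnmatchcase(n, pattern)]


def compare(names, pattern):
    """Apply the same pattern text in both modes and report what each selects."""
    result = {"glob": filter_sources(names, pattern),
              "regex": None, "regex_error": None}
    try:
        result["regex"] = filter_sources(names, pattern, regex=True)
    except re.error as exc:
        # A valid glob such as "*fw*" is not a valid regular expression.
        result["regex_error"] = str(exc)
    return result


if __name__ == "__main__":
    for pattern in ("fw-*", "10.1.1.1", "*fw*"):
        print(pattern, compare(SOURCES, pattern))
    # Escaping the dots and anchoring both ends narrows the regex to one host.
    print(filter_sources(SOURCES, r"^10\.1\.1\.1$", regex=True))
```

The same pattern text can select a wider set with Regex enabled than with globbing, so when a view is meant to track specific event sources (for example with Not Received), check the resulting list against the sources you expect.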

Commands

| Command | Action |
|---|---|
| Apply | Click to apply the filters chosen and display the list accordingly. |
| Clear | Click to clear the chosen filters. |
| Export as CSV | Click to export the information as a CSV file. |

Event Source Stats view display

| Parameter | Description |
|---|---|
| Event Source | Displays the name of the event source. |
| Event Source Type | Displays the event source type. |
| Log Collector | Displays the Log Collector from where the events were initially captured. |
| Log Decoder | Displays the Log Decoder where the events are being processed. |
| Count | Displays the number of events received by the Log Decoder since the last reset of the count value. |
| Idle Time | Displays the time elapsed after the last stat collection. |
| Last Collected Time | Displays the time at which the Log Decoder last processed an event for the event source. |
| Historical Graph | Click to view the historical graph of the stats collected for the event source. |